Shoppers are being warned about a clever scam that targets Marks and Spencer bank details. Customers at M&S have been told that fraudsters are attempting to obtain bank details via fake websites.
The scam aims to lead M&S customers to a fake website which is posing to be the officially retailer domain, luring them in with the opportunity to receive a £100 gift card.
Once shoppers find themselves at the misleading websites they will then be asked for personal data, including their bank details. The convincing ads can often appear in Google where fraudsters can take advantage of sponsored search results by posing as major brands.
READ MORE: 'I lost more than £50 by boiling the kettle wrong with this 'ridiculously easy' energy mistake
The fake websites are designed to appear like they are taking you to the retailer's genuine website, when in fact they take you to a page that has nothing to do with them.
One shopper had fallen foul of the scam when they searched for 'M&S' only to be taken to a scam page informing them they could get a £100 gift card, according to Nick Drewe, founder of online discounts platform Wethrift. Nick is warning shoppers to be extra vigilant of M&S fake websites when purchasing goods online.
He said: "These misleading scam adverts are sending shoppers to fake websites that have nothing to do with M&S, luring them in with the opportunity to receive a £100 gift card.
“Once shoppers are directed to the fake website, the page will then ask for personal data, tricking shoppers into being potential victims of fraud.”
Nick has highlighted the most common scams shoppers need to look out for to avoid being a victim of fraud.
Order confirmation scams
A common phishing technique to look out for is fake order confirmation emails. These emails will claim that an order has been confirmed, but won't actually tell you what the order is.
Instead, you'll be encouraged to click on a link to find out. If you do, you will then be directed to a page that looks just like the retailer's site, but it'll be fraudsters who will receive your personal information if you have inputted it any where
Fake invoices
Another example is a fake invoice from a scammer, claiming that your payment hasn't been received. It will then ask you to re-enter your bank details or a request from someone on PayPal asking for payment.
If you receive one of these invoices unexpectedly, regardless of whether you think you have tried to purchase, make sure you read through the information carefully and compare it against your most recent bank statements.
Billing error scam
Often, scammers will email shoppers saying their billing information is incorrect, and that they need to change them immediately or they will lose out on an order.
Usually, when there is a sense of urgency, that's when you should be suspicious, as they hope to draw you into entering your bank details into a fake website that they've made to look like the real deal.
If you are unsure at all about whether an order has gone through, contact the retailer directly with any order confirmation or information so they can give you legitimate information on your account.
Receiving instant messages
Often, you may receive a suspicious-looking message with a link to a well-known website, urging you to click to secure a great deal.
However, the link will most likely be fake, and clicking on it will unleash an intrusion of malware on your device, making your personal information vulnerable.
Scammers will replicate the URL of the retailer’s website and layouts URLs, and as time has gone on, they have become extremely good at it - making it hard to spot whether it is fraudulent or not.
Once they have encouraged people to click, they will then send phishing messages and keylogging malware straight to the target's device.
Phishing emails
A slightly more modern method of fraud is phishing emails that trick users into disclosing sensitive confidential information. Therefore, it is important to not click on any links or pop-ups from sources that you are not familiar with.
The same thing goes for websites. From dodgy URLs (ones with no ‘https.’ or locked padlock symbol on the bar) to poor website design, there are plenty of fraudulent sites you must be wary of.
Fake product reviews
Fake Amazon reviews have particularly skyrocketed this year. These reviews usually feature unusual turns of phrases and are over-packed with technical jargon.
However, humans are the ones promoting these, often for payment from the product manufacturer in return.
There are 'review exchange' clubs online, normally on social media sites, where sellers on sites like Amazon will offer goods in return for overly generous comments - often ones that are extremely misleading.
What to do if you have been scammed?
Contact your bank – This should be the first thing you do, especially if money has already been taken from your account. Immediately replace your cards and change your security details. If you have been scammed, your bank is obligated by law to refund you.
Contact Action Fraud – This is the UK's national fraud and cybercrime reporting centre: Run. You can contact them on 0300 123 2040 to report a scam or visit the ActionFraud website.
Contact the police on 101 – If you are currently being subjected to a live and ongoing cyber attack then contact the police on 101- the earlier the better.
READ NEXT:
Northern train tickets huge sale includes 50p travel to and from Manchester
I compared cheap supermarket tea bags & I might consider ditching Yorkshire Tea
Women claim £10 ‘magic in a box’ cream from Boots reduces wrinkles 'overnight'
Shoppers say 'magic' blanket gives the 'best night's sleep' and helps anxiety